Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & Training

How to recover from your next data breach

By Ara Aslanian
What to do after a data breach to ensure business continuity at your organization
November 10, 2020

There is an ebb and flow to cybersecurity. Black Hats find a vulnerability, White Hats find a patch, and businesses are left in the middle in a constant state of risk. 

Attacks are getting more common and more sophisticated. Ransomware attacks alone occur every 40 seconds and ransomwares like Ryuk and Maze show increasing complexity in being able to target the most crucial parts of a network. The impact on businesses is staggering. Business losses attributed to cybercrime totaled more than $2 trillion in 2019, according to a recent report from Juniper Research. This does not include the negative effects an incident can have on a company’s reputation and future financial success. 

Even if you have taken all the right steps to secure your data, it is very likely that at some point you will be breached and will need to know what to do afterwards. So, in the event of a data breach, what steps can you take to ensure business resilience and continuity?

The choices you make when an attack happens are critical. They can either mitigate the damage or make it worse.

Nevertheless, many companies are unprepared. Even those that have built robust defenses miss an important step: a comprehensive response plan that will guide them in the event of a breach. About 77% of security and IT professionals do not have an enterprise-wide cybersecurity response plan, according to the 2020 Cost of a Data Breach Study from IBM. 

Having a plan in place can limit the financial, legal and reputational impact of a data breach.

Put Together a Response Team

A data breach demands a comprehensive response. Knowing who will be part of your response team and assigning their primary tasks ahead of time will help you quickly take appropriate action. The team should be enterprise-wide and include key members of the executive team and board of directors, the head of IT, security experts, as well as representatives from your legal, communications and HR departments.

It is important to remember that it is not just your company’s data that has been compromised. Employees need to know what risk they are at and what they need to do. Vendors and clients who were impacted need to be informed.

Having a comprehensive team in place will help create a multifaceted plan that addresses all the issues a data breach may create.

Identify the Source and Spread

In the aftermath of an incident, you do not want to take any steps that might spread the problem inadvertently. Keep focus on identifying the source of the attack and isolate the affected servers and systems. Infected machines should be analyzed to determine if a full operating system restore is required or if they can be cleaned using anti-ransomware software. As ransomwares like Ryuk evolve, creating a hierarchy of attack on a network, this isolation becomes even more crucial. This latest generation of attacks can be more effective, faster, and spread wider than those of the past. Ensuring your team is educated and updated on the latest variants will help them to know where to start looking once a breach occurs.

Think Before You Act

If a ransomware attack happens and employees find themselves locked out of their data, the gut reaction may be to reload from backed-up files. That is what they are there for after all. There is a good chance, however, that these files have also been targeted by the attack, leaving them encrypted, unrecoverable or also infected. Always train employees to scan backup files before attempting a recovery. 

Digital storage systems that enable point-in-time recovery can be invaluable in reducing downtime from a ransomware attack that manages to encrypt data and backup files. These systems enable security and IT teams to roll back to a restore point before the infection, which should recover the bulk of the data in a single step.

Since these systems track changes at the block level, they are able to recover quickly. Back-ups of the most critical files and data should be kept in air-gapped storage systems. This ensures that at least one copy of the data is always housed on servers that are isolated from the network and will remain unaffected by an attack. 

Don’t Cover It Up

When it comes to data breaches of any kind, from a DDoS attack to malware, there can be a perceived negative stigma. There may be fears that the breach will make your company look careless and undermine the trust of clients and partners. There may be an impulse toward keeping quiet. After all, if no one knows about it, it didn’t really happen.

The truth is these sorts of attacks are common. A breach is not a sign of corporate weakness, it is an unfortunate reality of existing in the digital age. The worst thing you could do after a breach is to keep it quiet.

In many cases, your company has a legal duty to notify law enforcement or privacy regulators. Every attack needs to be understood so as to give White Hats a chance to bring equilibrium to that ebb and flow of vulnerability.

Reporting is the first thing you can do to protect your organization from a subsequent attack. 

In addition, a common mistake is to shut off machines after an attack. Don’t do so before experts have examined them, or you may hinder the investigation. Begin by notifying your local police department and filing an official complaint. If they lack experience investigating data breaches, contact the FBI Internet Crime Complaint Center, as well as the U.S. Computer Emergency Readiness Team, which is part of the Department of Homeland Security. If sensitive data about customers has been compromised, you’ll also need to file a report with the Federal Trade Commission.

Additionally you will need to work with your legal, HR, and customer support teams to let all affected parties know of the breach, what you are doing to protect them, and what they should do. While fear of response may make you want to keep the breach a secret, the damage you could potentially cause by doing so will out-shadow the damage from being transparent.

Protect Your Network from Another Attack

In the aftermath of a breach, your company’s leadership will be focused on cybersecurity. That presents an opportunity for a wide-ranging evaluation of your current security practices, procedures and tools. Don’t waste it.

Look beyond determining simply what failed in this instance and what fix needs to be applied to also consider vulnerabilities across the entire company. Are employees being properly trained in how to identify potential instances of phishing? Is your BYOD policy up-to-date with current technologies? Is it being actively enforced? Are passwords being regularly changed? Are technologies such as two-step verification and off-site data backup being used? 

Identify all the vulnerabilities in your network and human components of your company. Deploy security software, hardware and protocols to address these issues.

The best defense against a future attack is a layered approach that includes endpoint protection, firewalls, antivirus and anti-ransomware software. A hacker’s favorite route to your data is through employees, so recommit to training staff and keeping them up-to-date on the latest schemes and tactics being used to trick them into opening an email or clicking on a link.  

Even companies that have taken every measure to protect themselves can experience a data breach. The steps you take once a breach happens can mean the difference between a quick recovery that diminishes damage or a spiraling crisis.

KEYWORDS: business resilience planning cyber security cyber threats data breach data security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ara Aslanian is co-founder and CEO of reevert, a hybrid data backup and storage solution. He is a member of the advisory board at LA CyberLab and on the leadership council of Secure the Village, both of which monitor emerging online threats and provide education on countering them.

 

 

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Security consultant in boardroom

    How to recover from a cyberattack

    See More
  • cyber security lock

    Cybersecurity lessons from the red team: How to prevent a data breach

    See More
  • online shopping

    How to protect your ecommerce data from disaster in 2021

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

  • 9780367221942.jpg

    From Visual Surveillance to Internet of Things: Technology and Applications

See More Products

Events

View AllSubmit An Event
  • September 3, 2024

    From DDoS Protection to WAAP: How Layered Protection Enhances Your Cybersecurity Strategy

    ON DEMAND: By participating in the webinar, attendees will gain enhanced knowledge of cyber threats and understand the current spectrum of cyber threats facing businesses.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!